Lapses in PC Disposal Security Put Data at Risk

By CIOinsight |
Posted 12-17-2010

Protecting PCs doesn't stop when they are still being used by employees; it
continues to the very end of a machine's life -- the day when it heads to the
dump.

This was underscored recently by
a NASA audit that revealed a number of security failures connected to
machines slated for disposal. At NASA's Ames
Research Center
in California for example, there
was no "sanitation verification testing" for PCs at the end of their
life cycle. The situation was found to be the same at the Lyndon
B. Johnson Space
Center in Texas.

And the audit also found that 10 computers from the John
F. Kennedy Space
Center in Florida
had been released to the public despite failing sanitation verification tests -- meaning
they had not been properly wiped. Four other computers that failed the
tests were confiscated by the auditors when they found the machines
were being prepared for sale or release to the public.

"When we tested the confiscated computers, we discovered that one
contained data subject to export control by the International Traffic in Arms
Regulations (ITAR)," according to NASA's
report (PDF).